282 matches found
Rclone Security Feature Issue Vulnerability
Rclone is a software from the Rclone team that synchronizes data asynchronously from cloud storage. The software supports Google Drive, Amazon Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Cloudfiles, Google Cloud Storage, Yandex Files and other cloud storage. A security vulnerabilit...
The vulnerability of the Java framework for securing industrial applications using Spring Security, related to the use of insufficiently random values, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Java framework for securing industrial applications using Spring Security is related to the use of insufficiently random values. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
PT-2021-5807
Name of the Vulnerable Software and Affected Versions Ansible Engine versions prior to 2.9.6 Description A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file...
CVE-2020-11957
The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before 3.64 generates a random number Pairing Random with significantly less entropy than the specified 128 bits during BLE pairing. This is the case for both authenticated and unauthenticated pairing with...
PT-2020-19335 · Elastic · Cloud On Kubernetes
Name of the Vulnerable Software and Affected Versions: Elastic Cloud on Kubernetes ECK versions prior to 1.1.0 Description: The issue concerns a weak random number generator used to generate passwords in Elastic Cloud on Kubernetes ECK. This weakness can be exploited if an attacker determines whe...
CVE-2015-8851
node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing...
UBUNTU-CVE-2015-8851
node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing...
DEBIAN-CVE-2013-0294
packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack...
PYSEC-2020-211
packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack...
CVE-2018-19441
An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateRobotPassword function of the NeatoCrypto library generates insufficiently random numbers for robot secretkey values used for local and cloud authentication/authorization. If an attacker knows the serial number and is able to...
The vulnerability of ViewPoint video terminals models 9630, 9650, and 9660 is related to the use of insufficiently random values, which allows attackers to disclose protected information.
The vulnerability of ViewPoint video terminals models 9630, 9650, and 9660 is related to the use of insufficiently random values. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose protected information...
CVE-2019-16205
A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal...
BSA-2019-864
Security Advisory ID : BSA-2019-864 Component : SANnav portal Revision : 1.0 A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication...
PYSEC-2019-140
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id...
The vulnerability of the microprogrammed programmable logic controller Modicon, related to the use of insufficiently random values, allows a intruder to intercept TCP connections.
The vulnerability of the microprogrammed programmable logic controller Modicon is related to the use of insufficiently random values. Exploiting this vulnerability could allow a malicious actor to intercept TCP connections remotely...
UBUNTU-CVE-2016-10743
hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an osrandom function call...
CVE-2018-13280
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager DSM before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors...
CVE-2018-13280
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager DSM before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors...
PT-2018-11723 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 6.2-23739 Description: The issue is related to the use of insufficiently random values in the SYNO.Encryption.GenRandomKey function, allowing man-in-the-middle attackers to compromise non-HTT...
Generate Password - Less critical - Insecure Randomness - SA-CONTRIB-2018-042
The Genpass module makes the password field optional or hidden on the add new user page admin & registration. If the password field is not set during registration, the system generates a password. The module doesn't use a strong source of randomness, creating weak and predictable passwords. This...